Date: Tue, 12 Aug 1997 00:04:41 -0300 (EST) From: Joao Carlos Mendes Luis <jonny@mailhost.coppe.ufrj.br> To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: bin/4276: DNS security problems Message-ID: <199708120304.AAA20896@gaia.coppe.ufrj.br> Resent-Message-ID: <199708120310.UAA21833@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 4276 >Category: bin >Synopsis: Security problem with DNS resolution >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Aug 11 20:10:02 PDT 1997 >Last-Modified: >Originator: Joao Carlos Mendes Luis >Organization: COPPE/UFRJ >Release: FreeBSD 2.2-STABLE i386 >Environment: 2.2-STABLE from around 97.07.23. 2.2-RELENG from 97.06.28 does not show this behaviour. >Description: who and last report "invalid hostname" when the DNS reverse name of the origin host is invalid. This has serious security issues. The correct approach would be to report the IP Address. >How-To-Repeat: 1) Pick a host to serve as a origin to telnet or rlogin. 2) Point it's DNS reverse name to something inexistent. Note: Must be an inexistent or invalid direct DNS address. 3) telnet or rlogin to the 2.2 box And presto: gaia::jonny [502] who jonny ttyp2 Aug 8 15:37 (146.164.63.6:S.0) jonny ttyp3 Aug 11 14:03 (146.164.63.6:S.2) jonny ttyp4 Aug 11 14:23 (146.164.63.6:S.3) jonny ttyp5 Aug 11 16:39 (146.164.63.6:S.4) jonny ttyp7 Aug 11 23:57 (invalid hostname) >Fix: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199708120304.AAA20896>